Monday, February 10, 2014

On December 30, 2013, a hacking group called Caucasus Anonymous threatened “cyber war of the largest scale against the Russian government” unless it stopped preparations for the 2014 Sochi Winter Olympics. It was the most visible cyber threat yet in the run-up to the Games. Motivated in part by a 19th century battle near Sochi in which Tsarist Russian forces allegedly massacred one million Circassians (a North Caucasus ethnic group), Caucasus Anonymous vowed to “infect and break servers” in Russia and make good on its mission to get “Pay Back for Sochi.”

It is “unlikely” Caucasus Anonymous will execute a successful cyber attack against the Games, according to IHS Jane’s Intelligence. The group has limited capability, as demonstrated by the little impact its series of distributed denial-of-service (DDoS) attacks had on the website of the Central Bank of Russia in the fall of 2013. The group also faces a formidable foe in Russian President Vladimir Putin’s “ring of steel,” an extensive security and surveillance cordon surrounding the Olympic Games that has served to make Sochi the “most secure venue on the planet.” Putin’s cyber-surveillance is such that a Russian journalist and security services expert said,“Everyone should expect that all their communications, all the technical devices like smart phones, laptops, will be completely transparent.” In addition, Caucasus Anonymous lacks the needed manpower to break through the robust electronic security measures put in place by the Olympic Games’ top-tier sponsors like Coca Cola, General Electric, and McDonalds.

Caucasus Anonymous, however, has all the elements of danger. It is affiliated with the Caucasus Emirate, arguably the “most innovative, capable, and deadly terrorist organization anywhere on the globe.” It is based in the North Caucasus, “one of the most dangerous places on Earth,” where a day rarely goes by without Russian security officials and alleged insurgents attacking and killing one another. The two suicide bombers who killed 34 people in Volgograd in December 2013 hailed from its most violent province, Dagestan. The North Caucasus is also still part of the Russian Federation, the most sophisticated and powerful cyber state in the world, next to the United States.

In short, cyber terrorists like Caucasus Anonymous can have enormous geostrategic consequences, for three reasons. First, they can do severe economic damage. Should a North Caucasus-based cyber terrorist group successfully attack Russia’s energy infrastructure—as cyber militias in Estonia, Latvia, Lithuania, Georgia and Kyrgyzstan have already threatened to do—this would devastate the country’s economy and undermine the Putin regime, as well as affect a large proportion of globalcommerce that has moved into cyberspace over the last decade.

Second, cyber terrorists from the North Caucasus can rally global support quickly and easily through cyber-propaganda. The Tsarnaev brothers, the alleged Boston marathon bombers with roots in the North Caucasus, were reportedly inspired by the region’s Islamist extremists through radical internet videos. If cyber terrorist groups effectively exploit the Russian government’s crackdown on democratic freedoms in the North Caucasus, they could easily garner regional and international attention and upgrade from being a low threat to a high threat.

Finally, North Caucasus-based cyber terrorists can alter global politics by acting as autonomous, non-state actors beyond their president’s control. In the post-Stuxnet era, when organized and empowered cyber militias have demonstrably penetrated critical infrastructure systems present in nuclear power plants, air traffic control systems, gas pipelines, banking systems, and electric grids, this is worrisome. That is not to say Putin is not trying to rein them in. As demonstrated by his deployment of 40,000 heavily armed police and other security officials to the Games site, and his use of brute force, economic inducements, and the installation of Moscow loyalists in the North Caucasus, Putin has been actively addressing the terrorist threat, especially in the run-up to the Games. But Putin’s policies are limited. He “has yet to pursue a negotiated political settlement addressing the region’s underlying grievances,” which range from ethnic and religious tensions to disputes over land, resources, and administrative boundaries. Also, he has yet to demonstrate he can fully accept American offers of security assistance. His “unilateral” approach to domestic security leaves U.S. security agencies frustrated and convinced Russians are suspicious, reluctant and “loath to share” information. Of course, both countries’ negative attitudes towards each other are reflective of the shaky U.S.-Russia relationship, which worsened considerably last year with Russia’s refusal to hand over Edward Snowden, U.S. President Barack Obama’s cancellation of a one-on-one meeting with Putin, and now the latest crisis in Ukraine. But the U.S.-Russia partnership is merely limited, not broken, and that should not preclude a partnership against cyber terrorism.

On their own, both countries take North Caucasus-based terrorism seriously. The U.S. government in 2011 designated the Caucasus Emirate as an international terrorist organization to stem the flow of financial and other assistance of the group. The Russian government in 2013 detained 700 people immediately following the attacks in Volgograd, then put out a law punishing “public appeals for separatism” with up to five years in prison. Both countries also take cyber security seriously. Obama in 2009 called the cyber threat one of the most serious economic and national security challenges the U.S. faces today. The Russian Defense Ministry announced earlier this year it would form a special cyber security force by 2017 to protect its army from computer attacks. But the two countries cannot act alone when they face the merging of one of the most dangerous parts of the world (North Caucasus) with one of the most dangerous security threats in the world (cyberterrorism). Caucasus Anonymous presents an opportunity.

The U.S. and Russia should not let the opportunity to forge a stronger security relationship pass. In the aftermath of the Boston marathon bombings, U.S. and Russian officials blamed each other for not following through on leads that might have identified the Tsarnaev brothers before they attacked. Months later, officials from both sides bickered over how many FBI agents could be allowed into Sochi for the Winter Games. The U.S. and Russia should stop arguing, and listen more. In its video message, Caucasus Anonymous said that it is “stronger now than it was yesterday, [even] a minute ago,” and is increasing its activity. If the two most powerful and capable cyber states in the world cannot agree this is a foe worth fighting together (however weak the foe’s current capabilities), then the cyber terrorists have already won, whether or not they attack the Olympics.

Richard B. Andresis professor of national security strategy at the U.S. National War College. Eirene Busa is a research intern at the Institute for National Strategic Studies. The opinions conveyed in the article are those of the authors and do not necessarily represent those of the Department of Defense or other government organizations.